pg_escape_literal
(PHP 5 >= 5.4.4)
pg_escape_literal — Escape a literal for insertion into a text field
说明
string pg_escape_literal
([ resource $connection
], string $data
)
pg_escape_literal() escapes a literal for querying the PostgreSQL database. It returns an escaped literal in the PostgreSQL format. pg_escape_literal() adds quotes before and after data. Users should not add quotes. Use of this function is recommended instead of pg_escape_string(). If the type of the column is bytea, pg_escape_bytea() must be used instead. For escaping identifiers (e.g. table, field names), pg_escape_identifier() must be used.
Note:
This function has internal escape code and can also be used with PostgreSQL 8.4 or less.
参数
connection
PostgreSQL database connection resource. When
connection
is not present, the default connection
is used. The default connection is the last connection made by
pg_connect() or pg_pconnect().
data
A string containing text to be escaped.
返回值
A string containing the escaped data.
范例
Example #1 pg_escape_literal() example
<?php
// Connect to the database
$dbconn = pg_connect('dbname=foo');
// Read in a text file (containing apostrophes and backslashes)
$data = file_get_contents('letter.txt');
// Escape the text data
$escaped = pg_escape_literal($data);
// Insert it into the database. Note that no quotes around {$escaped}
pg_query("INSERT INTO correspondence (name, data) VALUES ('My letter', {$escaped})");
?>
参见
pg_escape_identifier() - Escape a identifier for insertion into a text field pg_escape_bytea() - 转义 bytea 类型的二进制数据 pg_escape_string() - 转义 text/char 类型的字符串